You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Yehuda Katz <ye...@ymkatz.net> on 2014/11/13 16:32:04 UTC
Re: [users@httpd] index.php ist used (internally) when /index.php/ is requested
This is usually the intended behavior. Many PHP frameworks use PATH_INFO to
handle requests.
See the documentation for AcceptPathInfo:
http://httpd.apache.org/docs/current/mod/core.html#acceptpathinfo
- Y
On Thu, Nov 13, 2014 at 10:25 AM, Christoph Gröver <gr...@sitepark.com>
wrote:
>
> Hello list,
>
> Strange thing.
>
> If a request is made for a directory URL where the directory contains
> a .php then this request is translated to just the php file and php is
> executed. (/index.php/ --> /index.php)
>
> In my opinion this should not happen. Since a directory is requested
> and index.php is not a directory but a file, there should be a default
> predefined directory index appended to it (index.php or index.html) and
> this should be delivered (if it exists) or a 404 should be sent back.
> ( /index.php/ --> /index.php/index.php )
>
> Does anybody know why this is happening and what is causing
> this behaviour?
>
> This at least happens with
> Apache 2.4.7 (distribution Mageia 4.1).
>
> I presume it is somewhere in the translation phase.
>
> Greetings,
>
> --
> Christoph Gröver
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] index.php ist used (internally) when /index.php/ is requested
Posted by Yehuda Katz <ye...@ymkatz.net>.
As far as I know, the default has not changed since the directive was
introduced:
DefaultThe treatment of requests with trailing pathname information is
determined by the handler
<http://httpd.apache.org/docs/2.4/handler.html> responsible
for the request. The core handler for normal files defaults to rejecting
PATH_INFO requests. Handlers that serve scripts, such as cgi-script
<http://httpd.apache.org/docs/2.4/mod/mod_cgi.html> and isapi-handler
<http://httpd.apache.org/docs/2.4/mod/mod_isapi.html>, generally accept
PATH_INFO by default.
On Thu, Nov 13, 2014 at 11:45 AM, Christoph Gröver <gr...@sitepark.com>
wrote:
>
> Hello list,
>
> > This is usually the intended behavior. Many PHP frameworks use
> > PATH_INFO to handle requests.
> >
> > See the documentation for AcceptPathInfo:
> > http://httpd.apache.org/docs/current/mod/core.html#acceptpathinfo
>
> Thanks Yehuda. I see why this is being used. Is this the default for
> a long time?
> Last time I checked the use of trailing slashes or other nonsense
> to bypass security features it didn't work.
>
> I run a module which should restrict the use of certain URLs, so I
> think I have to prevent this configuration somehow.
>
> Thanks for the link.
> Greetings
>
> --
> Christoph Gröver
>
Re: [users@httpd] index.php ist used (internally) when /index.php/
is requested
Posted by Christoph Gröver <gr...@sitepark.com>.
Hello list,
> This is usually the intended behavior. Many PHP frameworks use
> PATH_INFO to handle requests.
>
> See the documentation for AcceptPathInfo:
> http://httpd.apache.org/docs/current/mod/core.html#acceptpathinfo
Thanks Yehuda. I see why this is being used. Is this the default for
a long time?
Last time I checked the use of trailing slashes or other nonsense
to bypass security features it didn't work.
I run a module which should restrict the use of certain URLs, so I
think I have to prevent this configuration somehow.
Thanks for the link.
Greetings
--
Christoph Gröver
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org